mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-16 12:03:03 -05:00
Simon Tatham 08f1e2a506 Add an option to disable the dynamic host key policy.
This mitigates CVE-2020-14002: if you're in the habit of clicking OK
to unknown host keys (the TOFU policy - trust on first use), then an
active attacker looking to exploit that policy to substitute their own
host key in your first connection to a server can use the host key
algorithm order in your KEXINIT to (not wholly reliably) detect
whether you have a key already stored for this host, and if so, abort
their attack to avoid giving themself away.

However, for users who _don't_ use the TOFU policy and instead check
new host keys out of band, the dynamic policy is more useful. So it's
provided as a configurable option.
2020-06-21 16:39:47 +01:00